"Cox says he was told by the site's operator in an email that Insecam was out to prove the laziness of people and the password protections on their cameras. The operator used easily accessible directories like Shodanhq that sweep the internet looking for the IP address of devices connected to the internet. "

They locate IP addresses of devices...eg.. cameras, routers...etc and then test the password protections by simply typing in default admin log on. If a device has not been set up with password credentials overriding admin, they get in.

Devices, such as routers, come with default management issues that one must change on configuration...if you do not...they enter with default admin credentials.

Individuals managing passwords for their limited equipment is not really the problem for the Internet of things.

Where the problem is, would be of companies (or individuals) trying to manage multitudes of connected devices...such as GE with their initiative.

When they configure 1000's, if not millions, of connected devices they need something automated and full proof that automatically sets physical security parameters with their access equipment.

doni